refinerycms-api 1.0.0.beta

data/lib/refinery/api/responders.rb

@@ -0,0 +1,11 @@
+require 'refinery/api/responders/rabl_template'
+
+module Refinery
+  module Api
+    module Responders
+      class AppResponder < ActionController::Responder
+        include RablTemplate
+      end
+    end
+  end
+end

data/lib/refinery/api/responders/rabl_template.rb

@@ -0,0 +1,30 @@
+module Refinery
+  module Api
+    module Responders
+      module RablTemplate
+        def to_format
+          if template
+            render template, :status => options[:status] || 200
+          else
+            super
+          end
+        rescue ActionView::MissingTemplate => e
+          api_behavior
+        end
+
+        def template
+          options[:default_template]
+        end
+
+        def api_behavior
+          if controller.params[:action] == "destroy"
+            # Render a blank template
+            super
+          else
+            # Do nothing and fallback to the default template
+          end
+        end
+      end
+    end
+  end
+end

data/lib/refinery/api/testing_support/caching.rb

@@ -0,0 +1,10 @@
+RSpec.configure do |config|
+  config.before(:each, :caching => true) do 
+    ActionController::Base.perform_caching = true
+  end
+  
+  config.after(:each, :caching => true) do
+    ActionController::Base.perform_caching = false
+    Rails.cache.clear
+  end
+end

data/lib/refinery/api/testing_support/helpers.rb

@@ -0,0 +1,44 @@
+module Refinery
+  module Api
+    module TestingSupport
+      module Helpers
+        def json_response
+          case body = JSON.parse(response.body)
+          when Hash
+            body.with_indifferent_access
+          when Array
+            body
+          end
+        end
+
+        def assert_not_found!
+          expect(json_response).to eq({ "error" => "The resource you were looking for could not be found." })
+          expect(response.status).to eq 404
+        end
+
+        def assert_unauthorized!
+          expect(json_response).to eq({ "error" => "You are not authorized to perform that action." })
+          expect(response.status).to eq 401
+        end
+
+        def stub_authentication!
+          allow(Refinery::Api.user_class).to receive(:find_by).with(hash_including(:refinery_api_key)) { current_api_user }
+        end
+
+        # This method can be overriden (with a let block) inside a context
+        # For instance, if you wanted to have an admin user instead.
+        def current_api_user
+          @current_api_user ||= stub_model(Refinery::Api.user_class, email: "refinery@example.com")
+        end
+
+        def file_path(filename)
+          File.open(Refinery::Api::Engine.root + "spec/fixtures" + filename)
+        end
+
+        def upload_file(filename, mime_type)
+          fixture_file_upload(file_path(filename).path, mime_type)
+        end
+      end
+    end
+  end
+end

data/lib/refinery/api/testing_support/setup.rb

@@ -0,0 +1,16 @@
+module Refinery
+  module Api
+    module TestingSupport
+      module Setup
+        def sign_in_as_admin!
+          let!(:current_api_user) do
+            user = stub_model(Refinery::Api.user_class)
+            allow(user).to receive_message_chain(:roles, :pluck).and_return(["superuser"])
+            allow(user).to receive(:has_role?).with("superuser").and_return(true)
+            user
+          end
+        end
+      end
+    end
+  end
+end

data/lib/refinery/permitted_attributes.rb

@@ -0,0 +1,40 @@
+module Refinery
+  module PermittedAttributes
+    ATTRIBUTES = [
+      :image_attributes,
+      :page_attributes,
+      :page_part_attributes,
+      :resource_attributes,
+      :blog_post_attributes,
+      :inquiries_inquiry_attributes
+    ]
+
+    mattr_reader *ATTRIBUTES
+
+    @@image_attributes = [
+      { image: [] }, :image_size, :image_title, :image_alt
+    ]
+
+    @@page_attributes = [
+      :browser_title, :draft, :link_url, :menu_title, :meta_description,
+      :parent_id, :skip_to_first_child, :show_in_menu, :title, :view_template,
+      :layout_template, :custom_slug, parts_attributes: [:id, :title, :slug, :body, :position]
+    ]
+
+    @@page_part_attributes = [
+      :title, :slug, :body, :locale
+    ]
+
+    @@resource_attributes = [
+      :resource_title, { file: [] }
+    ]
+
+    @@blog_post_attributes = [
+      :title, :body, :custom_teaser, :tag_list,
+      :draft, :published_at, :custom_url, :user_id, :username, :browser_title,
+      :meta_description, :source_url, :source_url_title, category_ids: []
+    ]
+
+    @@inquiries_inquiry_attributes = [:name, :phone, :message, :email]
+  end
+end

data/lib/refinery/responder.rb

@@ -0,0 +1,45 @@
+module Refinery
+  class Responder < ::ActionController::Responder #:nodoc:
+
+    attr_accessor :on_success, :on_failure
+
+    def initialize(controller, resources, options={})
+      super
+
+      class_name = controller.class.name.to_sym
+      action_name = options.delete(:action_name)
+
+      if result = Refinery::BaseController.refinery_responders[class_name].try(:[], action_name).try(:[], self.format.to_sym)
+        self.on_success = handler(controller, result, :success)
+        self.on_failure = handler(controller, result, :failure)
+      end
+    end
+
+    def to_html
+      super and return if !(on_success || on_failure)
+      has_errors? ? controller.instance_exec(&on_failure) : controller.instance_exec(&on_success)
+    end
+
+    def to_format
+      super and return if !(on_success || on_failure)
+      has_errors? ? controller.instance_exec(&on_failure) : controller.instance_exec(&on_success)
+    end
+
+    private
+
+    def handler(controller, result, status)
+      return result if result.respond_to? :call
+      
+      case result
+      when Hash
+        if result[status].is_a? Symbol
+          controller.method(result[status])
+        else
+          result[status]
+        end
+      when Symbol
+        controller.method(result)
+      end
+    end
+  end
+end

data/lib/refinerycms-api.rb

@@ -0,0 +1,3 @@
+require 'refinery/api'
+require 'refinery/api/responders'
+require 'versioncake'

data/readme.md

@@ -0,0 +1,69 @@
+# Refinery CMS Api
+
+[![Build Status](https://travis-ci.org/refinerycms-contrib/refinerycms-api.svg?branch=master)](https://travis-ci.org/refinerycms-contrib/refinerycms-api)
+
+This extension allows you to use a Rest API with Refinery CMS 3.0 and later.
+
+## TODO
+* [ ] Check Abilities
+* [ ] Fix specs
+
+## Installation
+
+Simply put this in the Gemfile of your Refinery application:
+
+```ruby
+gem 'refinerycms-api', github: 'refinerycms-contrib/refinerycms-api', master: 'branch'
+```
+
+Then run `bundle install` to install it.
+
+
+### Generate and run migrations
+
+```sh
+$ rails g refinery:api  # Generate initializer
+$ rake db:migrate
+```
+
+Then restart your server.
+
+## Usage
+
+### Create an API Token for your user
+
+```ruby
+$ rake refinery_api:user:api_token:generate EMAIL=refinery@example.org
+```
+
+### Pages
+
+```ruby
+$ curl --header "X-Refinery-Token: YOUR_API_TOKEN" http://localhost:3000/api/v1/pages
+$ curl --header "X-Refinery-Token: YOUR_API_TOKEN" http://localhost:3000/api/v1/pages/1
+$ curl --header "X-Refinery-Token: YOUR_API_TOKEN" http://localhost:3000/api/v1/pages/new
+
+$ curl -X POST --header "X-Refinery-Token: YOUR_API_TOKEN" "http://localhost:3000/api/v1/pages" -d 'page[title]=test'
+$ curl -X PUT --header "X-Refinery-Token: YOUR_API_TOKEN" "http://localhost:3000/api/v1/pages/1" -d 'page[title]=test2'
+$ curl -X DELETE -H "X-Refinery-Token: YOUR_API_TOKEN" http://localhost:3000/api/v1/pages/1
+```
+
+### Images
+
+```ruby
+$ curl --header "X-Refinery-Token: YOUR_API_TOKEN" http://localhost:3000/api/v1/images
+$ curl --header "X-Refinery-Token: YOUR_API_TOKEN" http://localhost:3000/api/v1/images/1
+$ curl --header "X-Refinery-Token: YOUR_API_TOKEN" http://localhost:3000/api/v1/images/new
+```
+
+### Resources
+
+```ruby
+$ curl --header "X-Refinery-Token: YOUR_API_TOKEN" http://localhost:3000/api/v1/resources
+$ curl --header "X-Refinery-Token: YOUR_API_TOKEN" http://localhost:3000/api/v1/resources/1
+$ curl --header "X-Refinery-Token: YOUR_API_TOKEN" http://localhost:3000/api/v1/resources/new
+```
+
+## Contributing
+
+Please see the [contributing.md](contributing.md) file for instructions.

data/refinerycms_api.gemspec

@@ -0,0 +1,22 @@
+# Encoding: UTF-8
+Gem::Specification.new do |s|
+  s.authors       = ["Brice Sanchez", "Ryan Bigg"]
+  s.description   = %q{Refinery CMS's API}
+  s.summary       = %q{Refinery CMS's API}
+  s.homepage      = 'http://www.refinerycms.com'
+  s.license       = 'BSD-3'
+
+  s.files         = `git ls-files`.split($\)
+  s.executables   = s.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
+  s.test_files    = s.files.grep(%r{^(test|spec|features)/})
+  s.name          = %q{refinerycms-api}
+  s.require_paths = ["lib"]
+  s.version       = %q{1.0.0.beta}
+
+  s.add_dependency 'refinerycms-core',  ['~> 3.0', '>= 3.0.0']
+  s.add_dependency 'cancancan', '~> 1.10.1'
+  s.add_dependency 'decorators', '~> 2.0'
+  s.add_dependency 'rabl', '~> 0.12.0'
+  s.add_dependency 'versioncake', '~> 2.3.1'
+  s.add_dependency 'responders'
+end

data/script/rails

@@ -0,0 +1,9 @@
+#!/usr/bin/env ruby
+# This command will automatically be run when you run "rails" with Rails 3 gems installed from the root of your application.
+
+ENGINE_ROOT = File.expand_path('../..', __FILE__)
+ENGINE_PATH = File.expand_path('../../lib/refinery/api/engine', __FILE__)
+
+require 'rails/all'
+require 'rails/engine/commands'
+

data/spec/controllers/refinery/api/base_controller_spec.rb

@@ -0,0 +1,73 @@
+require 'spec_helper'
+
+class FakesController < Refinery::Api::BaseController
+end
+
+describe Refinery::Api::BaseController, type: :controller do
+  render_views
+  controller(Refinery::Api::BaseController) do
+    def index
+      render text: { "pages": [] }.to_json
+    end
+  end
+
+  before do
+    @routes = ActionDispatch::Routing::RouteSet.new.tap do |r|
+      r.draw { get 'index', to: 'refinery/api/base#index' }
+    end
+  end
+
+  context "cannot make a request to the API" do
+    it "without an API key" do
+      api_get :index
+      expect(json_response).to eq({ "error" => "You must specify an API key." })
+      expect(response.status).to eq(401)
+    end
+
+    it "with an invalid API key" do
+      request.headers["X-Refinery-Token"] = "fake_key"
+      get :index, {}
+      expect(json_response).to eq({ "error" => "Invalid API key (fake_key) specified." })
+      expect(response.status).to eq(401)
+    end
+
+    it "using an invalid token param" do
+      get :index, token: "fake_key"
+      expect(json_response).to eq({ "error" => "Invalid API key (fake_key) specified." })
+    end
+  end
+
+  it 'handles parameter missing exceptions' do
+    expect(subject).to receive(:authenticate_user).and_return(true)
+    expect(subject).to receive(:load_user_roles).and_return(true)
+    expect(subject).to receive(:index).and_raise(ActionController::ParameterMissing.new('foo'))
+    get :index, token: 'exception-message'
+    expect(json_response).to eql('exception' => 'param is missing or the value is empty: foo')
+  end
+
+  it 'handles record invalid exceptions' do
+    expect(subject).to receive(:authenticate_user).and_return(true)
+    expect(subject).to receive(:load_user_roles).and_return(true)
+    resource = Refinery::Page.new
+    resource.valid? # get some errors
+    expect(subject).to receive(:index).and_raise(ActiveRecord::RecordInvalid.new(resource))
+    get :index, token: 'exception-message'
+    expect(json_response).to eql('exception' => "Validation failed: Title can't be blank")
+  end
+
+  it "maps semantic keys to nested_attributes keys" do
+    klass = double(nested_attributes_options: { line_items: {},
+                                                  bill_address: {} })
+    attributes = { 'line_items': { id: 1 },
+                   'bill_address': { id: 2 },
+                   'name': 'test order' }
+
+    mapped = subject.map_nested_attributes_keys(klass, attributes)
+    expect(mapped.has_key?('line_items_attributes')).to be true
+    expect(mapped.has_key?('name')).to be true
+  end
+
+  it "lets a subclass override the product associations that are eager-loaded" do
+    expect(controller.respond_to?(:product_includes, true)).to be
+  end
+end

data/spec/controllers/refinery/api/v1/blog/posts_controller_spec.rb

@@ -0,0 +1,140 @@
+require 'spec_helper'
+
+module Refinery
+  describe Api::V1::Blog::PostsController, type: :controller do
+    render_views
+
+    let!(:post) { FactoryGirl.create(:blog_post, :title => "Ruby") }
+
+    let!(:attributes_new) { [ "title", "body", "custom_teaser", "tag_list", "draft", "published_at", "custom_url", "user_id", "username", "browser_title", "meta_description", "source_url", "source_url_title", {"category_ids"=>[]} ] }
+    let!(:attributes) { [ "title", "body", "custom_teaser", "tag_list", "draft", "published_at", "custom_url", "user_id", "username", "browser_title", "meta_description", "source_url", "source_url_title", "category_ids" ] }
+
+    before do
+      stub_authentication!
+    end
+
+    context "as a normal user" do
+      it "can get a list of blog posts" do
+        api_get :index
+
+        expect(response.status).to eq(200)
+        expect(json_response).to have_key("posts")
+        attributes.delete("category_ids")
+        expect(json_response["posts"].first.keys).to eq(attributes)
+      end
+
+      # it "paginates through taxons" do
+      #   new_taxon = create(:taxon, :name => "Go", :taxonomy => taxonomy)
+      #   taxonomy.root.children << new_taxon
+      #   expect(taxonomy.root.children.count).to eql(2)
+      #   api_get :index, :taxonomy_id => taxonomy.id, :page => 1, :per_page => 1
+      #   expect(json_response["count"]).to eql(1)
+      #   expect(json_response["total_count"]).to eql(2)
+      #   expect(json_response["current_page"]).to eql(1)
+      #   expect(json_response["per_page"]).to eql(1)
+      #   expect(json_response["pages"]).to eql(2)
+      # end
+
+      # describe 'searching' do
+      #   context 'with a name' do
+      #     before do
+      #       api_get :index, :q => { :name_cont => name }
+      #     end
+
+      #     context 'with one result' do
+      #       let(:name) { "Ruby" }
+
+      #       it "returns an array including the matching taxon" do
+      #         expect(json_response['taxons'].count).to eq(1)
+      #         expect(json_response['taxons'].first['name']).to eq "Ruby"
+      #       end
+      #     end
+
+      #     context 'with no results' do
+      #       let(:name) { "Imaginary" }
+
+      #       it 'returns an empty array of taxons' do
+      #         expect(json_response.keys).to include('taxons')
+      #         expect(json_response['taxons'].count).to eq(0)
+      #       end
+      #     end
+      #   end
+
+      #   context 'with no filters' do
+      #     it "gets all taxons" do
+      #       api_get :index
+
+      #       expect(json_response['taxons'].first['name']).to eq taxonomy.root.name
+      #       children = json_response['taxons'].first['taxons']
+      #       expect(children.count).to eq 1
+      #       expect(children.first['name']).to eq taxon.name
+      #       expect(children.first['taxons'].count).to eq 1
+      #     end
+      #   end
+      # end
+
+      it "gets a single blog post" do
+        api_get :show, id: post.id
+
+        expect(json_response['title']).to eq post.title
+        expect(json_response['posts']).to be_nil
+      end
+
+      it "can learn how to create a new blog post" do
+        api_get :new
+        expect(json_response["attributes"]).to eq(attributes_new)
+        required_attributes = json_response["required_attributes"]
+        expect(required_attributes).to include("title")
+      end
+
+      it "cannot create a new blog post if not an admin" do
+        api_post :create, blog_post: { title: "Location" }
+        assert_unauthorized!
+      end
+
+      it "cannot update a blog post" do
+        api_put :update, id: post.id, post: { title: "I hacked your website!" }
+        assert_unauthorized!
+      end
+
+      it "cannot delete a blog post" do
+        api_delete :destroy, id: post.id
+        assert_unauthorized!
+      end
+    end
+
+    context "as an admin" do
+      sign_in_as_admin!
+
+      it "can create" do
+        expect do
+          api_post :create, post: { title: "Colors", body: "Colors of life", published_at: Time.now, username: "John Doe" }
+          attributes.delete("category_ids")
+          expect(json_response.keys).to eq(attributes)
+          expect(response.status).to eq(201)
+        end.to change(Blog::Post, :count).by(1)
+      end
+
+      it "can update the title" do
+        api_put :update, id: post.id, post: { title: "I update your website!" }
+        expect(response.status).to eq(200)
+        expect(Blog::Post.last.title).to eql "I update your website!"
+      end
+
+      it "cannot create a new blog post with invalid attributes" do
+        api_post :create, post: {}
+        expect(response.status).to eq(422)
+        expect(json_response["error"]).to eq("Invalid resource. Please fix errors and try again.")
+        errors = json_response["errors"]
+
+        expect(Blog::Post.count).to eq 1
+      end
+
+      it "can destroy" do
+        api_delete :destroy, :id => post.id
+        expect(response.status).to eq(204)
+      end
+    end
+
+  end
+end